New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
t/op/taint.t fails in FIPS mode #14287
Comments
From @ppisarHello, attached is a patch fixing a t/op/taint.t failure due to crypt(3) returning -- Petr |
From @ppisar0001-t-op-taint.t-Perform-SHA-256-algorithm-by-crypt-if-d.patchFrom 0a370b8f77bd4b1be3f776257869e5c85eb9e8e2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Mon, 1 Dec 2014 15:28:36 +0100
Subject: [PATCH] t/op/taint.t: Perform SHA-256 algorithm by crypt() if default
one is disabled
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The crypt(3) call may return NULL. This is the case on FIPS-enabled
platforms. Then "tainted crypt" test would fail.
See RT#121591 for similar fix in t/op/crypt.t.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
t/op/taint.t | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/t/op/taint.t b/t/op/taint.t
index f9e8331..a13fde4 100644
--- a/t/op/taint.t
+++ b/t/op/taint.t
@@ -1967,7 +1967,19 @@ foreach my $ord (78, 163, 256) {
SKIP: {
skip 'No crypt function, skipping crypt tests', 4 if(!$Config{d_crypt});
# 59998
- sub cr { my $x = crypt($_[0], $_[1]); $x }
+ sub cr {
+ # On platforms implementing FIPS mode, using a weak algorithm
+ # (including the default triple-DES algorithm) causes crypt(3) to
+ # return a null pointer, which Perl converts into undef. We assume
+ # for now that all such platforms support glibc-style selection of
+ # a different hashing algorithm.
+ my $alg = ''; # Use default algorithm
+ if ( !defined(crypt("ab", "cd")) ) {
+ $alg = '$5$'; # Use SHA-256
+ }
+ my $x = crypt($_[0], $alg . $_[1]);
+ $x
+ }
sub co { my $x = ~$_[0]; $x }
my ($a, $b);
$a = cr('hello', 'foo' . $TAINT);
--
1.9.3
|
From @cpansproutOn Mon Dec 01 06:50:52 2014, ppisar wrote:
Thank you. Applied as a2d725a. -- Father Chrysostomos |
The RT System itself - Status changed from 'new' to 'open' |
@cpansprout - Status changed from 'open' to 'resolved' |
Migrated from rt.perl.org#123338 (status was 'resolved')
Searchable as RT123338$
The text was updated successfully, but these errors were encountered: